
Log check
phanter23
Posted: Wednesday, March 04, 2009 4:19:03 PM
Rank: Member

Member since: 1/10/2006
Posts: 20
Hi everyone, a problem keeps coming up on my PC every now and then.. when I am in Internet Explorer the program itself often stops responding, in the sense that it crashes; it doesn't always do it, but often, and I don't understand why.. as a precaution I have made the log available in case some unwanted little virus has nested in there, or there is some malfunction due to other causes.. thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.12.40, on 04/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldit-it.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: Wyyo Service - Unknown owner - C:\ProgramData\Wyyo\wyyo123.exe

--
End of file - 5977 bytes
shapiro
Posted: Wednesday, March 04, 2009 4:43:36 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Hi


Start HijackThis with all applications closed, click Do a system scan only, then tick and remove (Fix checked) the following lines:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe




download Avenger from here

http://swandog46.geekstogo.com/avenger.zip

install it and launch it

Copy and paste into the "Input script here" window the text in red exactly as you see it written:



files to delete:
C:\Program Files\RelevantKnowledge\rlvknlg.exe




Tick "Automatically disable any rootkits found"

click the "Execute" button
The PC should restart by itself; if it doesn't, restart it manually

post the Avenger log that you find in c:\




Download and install MalwareBytes: click here for the download

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

run a full system scan and, once the scan has finished, attach the log that is produced. Go to the Update tab (AGGIORNAMENTO) before running the scan
phanter23
Posted: Wednesday, March 04, 2009 9:49:09 PM
Rank: Member

Member since: 1/10/2006
Posts: 20
Firma problema:
Nome evento problema: APPCRASH
Nome applicazione: iexplore.exe
Versione applicazione: 7.0.6001.18000
Timestamp applicazione: 47918f11
Nome modulo con errori: StackHash_9d20
Versione modulo con errori: 6.0.6001.18000
Timestamp modulo con errori: 4791a7a6
Codice eccezione: c0000374
Offset eccezione: 000b015d
Versione SO: 6.0.6001.2.1.0.256.1
ID impostazioni locali: 1040
Informazioni aggiuntive 1: 9d20
Ulteriori informazioni 2: a24acbd1972eb270e872987156bef758
Ulteriori informazioni 3: e54b
Ulteriori informazioni 4: 37e5bcf6a0fcda03c5ba3dd6a1a94d62

this is the error that comes up every time it crashes, to give a clear idea of my problem, which still persists; and below is the log you asked for:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Program Files\RelevantKnowledge\rlvknlg.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I followed all your advice; only the malware scan remains, but it froze again.
thanks for the help, I hope I can solve the problem.
phanter23
Posted: Wednesday, March 04, 2009 9:52:00 PM
Rank: Member

Member since: 1/10/2006
Posts: 20
sorry, I had forgotten to post the HijackThis log again with the change recommended by our friend shapiro:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.49.56, on 04/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldit-it.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Wyyo Service - Unknown owner - C:\ProgramData\Wyyo\wyyo123.exe

--
End of file - 5352 bytes
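
Added example, not part of the original thread and not code from HijackThis or its authors: a Python script that compares a before and an after HijackThis log to confirm that the lines shapiro asked to fix are gone, and flags the kinds of entries the thread looks at. The log excerpts are copied from the two logs posted above; the function names and the two triage rules are assumptions of this example and give hints, not verdicts.

```python
import re

# A HijackThis entry is "<section code> - <text>", e.g. "O2 - BHO: ...".
# Header lines, the running-process list and the footer do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body").strip()))
    return entries


def triage(entries):
    """Map entries to reasons for a closer look (assumed heuristics)."""
    flagged = {}
    for code, body in entries:
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("registered component whose file is missing")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service listed with 'Unknown owner'")
        if reasons:
            flagged[(code, body)] = reasons
    return flagged


def verify_fix(before_text, after_text, requested_lines):
    """Compare two logs against the list of lines that were to be fixed."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    requested = parse_entries("\n".join(requested_lines))
    removed = before - after
    return {
        "removed": sorted(removed),
        "still_present": sorted(requested & after),
        "unexpected_removed": sorted(removed - requested),
        "added": sorted(after - before),
    }


# The six lines from shapiro's "Fix checked" list in this thread.
FIX_REQUESTED = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll",
    r"O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)",
    r"O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)",
    r"O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe",
]

# Excerpt of the second (21.49.56) log: entries that survived the fix.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.49.56, on 04/03/2009
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Wyyo Service - Unknown owner - C:\ProgramData\Wyyo\wyyo123.exe
--
End of file - 5352 bytes
"""

# Excerpt of the first (16.12.40) log: the same entries plus the six fixed ones.
BEFORE = AFTER + "\n".join(FIX_REQUESTED) + "\n"


if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIX_REQUESTED)
    for key, items in report.items():
        print(f"{key}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
    print("entries in the second log worth a closer look:")
    for (code, body), reasons in sorted(triage(parse_entries(AFTER)).items()):
        print(f"  {code} - {body}  [{'; '.join(reasons)}]")
```
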
shapiro
Posted: Wednesday, March 04, 2009 10:35:16 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
check this file here ===> http://www.virustotal.com/it/

C:\ProgramData\Wyyo\wyyo123.exe


and tell me what verdict the antivirus engines give


for your problem, try having a look here

http://www.hwupgrade.it/forum/showthread.php?p=20493159


phanter23
Posted: Thursday, March 05, 2009 12:11:32 AM
Rank: Member

Member since: 1/10/2006
Posts: 20
ONE OF THE ANTIVIRUS ENGINES MAY HAVE DETECTED SOMETHING, WITH THE FOLLOWING MESSAGE THAT I AM PASTING BELOW:
Prevx1 V2 2009.03.05 High Risk Cloaked Malware

THE OTHER ANTIVIRUS ENGINES FOUND NOTHING..
phanter23
Posted: Thursday, March 05, 2009 9:57:00 AM
Rank: Member

Member since: 1/10/2006
Posts: 20
I am also adding this malware log from a scan I ran in full mode; I removed the threats and quarantined the infected files. In this case, how should I proceed now?.. sorry for opening too many discussions:

Malwarebytes' Anti-Malware 1.34
Versione del database: 1819
Windows 6.0.6001 Service Pack 1

05/03/2009 9.51.51
mbam-log-2009-03-05 (09-51-51).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|)
Elementi scansionati: 249417
Tempo trascorso: 53 minute(s), 10 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 2
File infetti: 7

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

File infetti:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
shapiro
Posted: Thursday, March 05, 2009 10:14:55 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Hi
sometimes Prevx reports false positives - if many antivirus engines did not flag any threat for you, I don't think Prevx prevails

Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and disconnected
double-click LopSD
choose language E (Enter)
1 (search) Enter

when the scan finishes, restart LopSD
this time choose option 2 (Enter)

attach the report C:\LopR.txt together with a new HijackThis log


phanter23
Posted: Thursday, March 05, 2009 1:54:56 PM
Rank: Member

Member since: 1/10/2006
Posts: 20
thanks shapiro, tonight when I get home I will do everything you tell me.. sorry if my replies arrive late, it is because I am away.. thank you for your help. I will let you know how it all goes afterwards.
phanter23
Posted: Thursday, March 05, 2009 9:52:33 PM
Rank: Member

Member since: 1/10/2006
Posts: 20
hi, here are the reports you asked for:
lopr1 report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Ultimate ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Luigi ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.357 (Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:86 Go)
D:\ (Local Disk) - NTFS - Total:450 Go (Free:429 Go)
E:\ (Local Disk) - NTFS - Total:98 Go (Free:68 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 05/03/2009|21.39 )

[ UAC => 1 ]

--------------------\\ Listing folders in Local

[30/09/2008|18.29] C:\Users\Luigi\AppData\Local\Adobe
[26/10/2008|23.38] C:\Users\Luigi\AppData\Local\Ahead
[30/09/2008|18.48] C:\Users\Luigi\AppData\Local\Apple
[21/10/2008|23.55] C:\Users\Luigi\AppData\Local\Apple Computer
[01/10/2008|10.46] C:\Users\Luigi\AppData\Local\Apps
[30/09/2008|16.15] C:\Users\Luigi\AppData\Local\ATI
[30/09/2008|11.58] C:\Users\Luigi\AppData\Local\Cronologia
[18/02/2009|18.19] C:\Users\Luigi\AppData\Local\d3d9caps.dat
[30/09/2008|11.58] C:\Users\Luigi\AppData\Local\Dati applicazioni
[05/03/2009|08.48] C:\Users\Luigi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[14/02/2009|01.20] C:\Users\Luigi\AppData\Local\GDIPFONTCACHEV1.DAT
[28/12/2008|01.13] C:\Users\Luigi\AppData\Local\Google
[05/03/2009|09.58] C:\Users\Luigi\AppData\Local\IconCache.db
[05/02/2009|23.31] C:\Users\Luigi\AppData\Local\IsolatedStorage
[03/02/2009|23.34] C:\Users\Luigi\AppData\Local\Microsoft
[06/10/2008|21.18] C:\Users\Luigi\AppData\Local\Microsoft Games
[30/09/2008|18.59] C:\Users\Luigi\AppData\Local\Microsoft Help
[06/02/2009|00.37] C:\Users\Luigi\AppData\Local\Nokia
[01/10/2008|21.19] C:\Users\Luigi\AppData\Local\PunkBuster
[05/03/2009|21.37] C:\Users\Luigi\AppData\Local\Temp
[30/09/2008|11.58] C:\Users\Luigi\AppData\Local\Temporary Internet Files
[30/09/2008|11.58] C:\Users\Luigi\AppData\Local\VirtualStore
[4|File] C:\Users\Luigi\AppData\Local\byte
[20|Directory] C:\Users\Luigi\AppData\Local\byte disponibili

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[25/02/2009 22.31][--a------] C:\Windows\tasks\PCConfidential.job
[22/01/2009 22.26][--a------] C:\Windows\tasks\{2D74AE28-19EF-4E0F-90C0-42681850EB9A}.job
[05/03/2009 20.47][--ah-----] C:\Windows\tasks\SA.DAT
[05/03/2009 09.58][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[03/12/2008|01.40] C:\ProgramData\18DC
[24/01/2009|21.17] C:\ProgramData\1DC2
[09/12/2008|03.32] C:\ProgramData\2413C
[30/11/2008|01.03] C:\ProgramData\2BD7
[23/12/2008|22.56] C:\ProgramData\Adobe
[30/09/2008|18.51] C:\ProgramData\Apple Computer
[02/11/2006|14.00] C:\ProgramData\Application Data
[18/02/2009|18.29] C:\ProgramData\ATI
[30/09/2008|18.45] C:\ProgramData\CyberLink
[30/09/2008|11.56] C:\ProgramData\Dati applicazioni
[02/11/2006|14.00] C:\ProgramData\Desktop
[30/09/2008|11.56] C:\ProgramData\Documenti
[02/11/2006|14.00] C:\ProgramData\Documents
[02/11/2006|14.00] C:\ProgramData\Favorites
[10/01/2009|02.10] C:\ProgramData\Google
[05/02/2009|23.27] C:\ProgramData\Installations
[05/03/2009|20.48] C:\ProgramData\Kaspersky Lab
[30/09/2008|16.20] C:\ProgramData\Kaspersky Lab Setup Files
[03/03/2009|23.08] C:\ProgramData\Malwarebytes
[30/09/2008|11.56] C:\ProgramData\Menu Avvio
[03/02/2009|23.34] C:\ProgramData\Microsoft
[18/02/2009|18.55] C:\ProgramData\Microsoft Help
[30/09/2008|11.56] C:\ProgramData\Modelli
[30/09/2008|18.36] C:\ProgramData\Nero
[08/01/2009|00.43] C:\ProgramData\Nokia
[05/02/2009|23.26] C:\ProgramData\NokiaMusic
[08/01/2009|00.45] C:\ProgramData\PC Suite
[30/09/2008|11.56] C:\ProgramData\Preferiti
[22/01/2009|22.26] C:\ProgramData\Skype
[02/11/2006|14.00] C:\ProgramData\Start Menu
[23/02/2009|23.42] C:\ProgramData\SweetIM
[02/11/2006|14.00] C:\ProgramData\Templates
[30/09/2008|18.18] C:\ProgramData\WLInstaller
[25/02/2009|22.30] C:\ProgramData\Wyyo
[0|File] C:\ProgramData\byte
[36|Directory] C:\ProgramData\byte disponibili

--------------------\\ Listing Folders in C:\Program Files

[01/10/2008|21.00] C:\Program Files\Activision
[11/11/2008|00.13] C:\Program Files\Adobe
[18/02/2009|18.21] C:\Program Files\ATI
[18/02/2009|18.29] C:\Program Files\ATI Technologies
[24/10/2008|21.40] C:\Program Files\Axon Data
[22/01/2009|00.01] C:\Program Files\BearShare Applications
[30/09/2008|18.14] C:\Program Files\BitLocker
[04/11/2008|22.50] C:\Program Files\CD'n'Go! Suite
[25/02/2009|22.57] C:\Program Files\Common Files
[30/09/2008|18.45] C:\Program Files\CyberLink
[05/02/2009|22.36] C:\Program Files\DIFX
[04/02/2009|22.55] C:\Program Files\directx
[30/09/2008|18.32] C:\Program Files\Disk Cleaner
[03/03/2009|23.40] C:\Program Files\Eusing Free Registry Cleaner
[01/10/2008|10.44] C:\Program Files\EVEREST
[19/01/2009|22.43] C:\Program Files\Fast Folder Access
[30/09/2008|11.56] C:\Program Files\File comuni [C:\Program Files\Common Files]
[22/01/2009|22.26] C:\Program Files\Google
[10/02/2009|21.58] C:\Program Files\InstallShield Installation Information
[06/10/2008|10.37] C:\Program Files\Intel
[30/09/2008|18.48] C:\Program Files\Internet Explorer
[30/09/2008|18.49] C:\Program Files\Java
[13/02/2009|21.24] C:\Program Files\JkDefrag-3.36
[30/09/2008|16.21] C:\Program Files\Kaspersky Lab
[30/09/2008|18.34] C:\Program Files\K-Lite Codec Pack
[03/03/2009|23.08] C:\Program Files\Malwarebytes' Anti-Malware
[25/02/2009|23.03] C:\Program Files\MediaCoder
[29/01/2009|01.46] C:\Program Files\Microsoft
[30/09/2008|19.20] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/01/2009|22.28] C:\Program Files\Microsoft Games
[30/09/2008|19.02] C:\Program Files\Microsoft Office
[02/03/2009|21.31] C:\Program Files\Microsoft Silverlight
[29/01/2009|01.48] C:\Program Files\Microsoft SQL Server Compact Edition
[30/09/2008|19.02] C:\Program Files\Microsoft Visual Studio
[30/09/2008|18.59] C:\Program Files\Microsoft Visual Studio 8
[30/09/2008|19.02] C:\Program Files\Microsoft Works
[30/09/2008|19.01] C:\Program Files\Microsoft.NET
[30/09/2008|12.26] C:\Program Files\Movie Maker
[30/09/2008|19.02] C:\Program Files\MSBuild
[30/09/2008|19.19] C:\Program Files\MSXML 4.0
[30/09/2008|18.36] C:\Program Files\Nero
[25/01/2009|21.58] C:\Program Files\PhotoScape
[03/03/2009|23.27] C:\Program Files\QUAD Utilities
[30/09/2008|18.48] C:\Program Files\QuickTime
[30/09/2008|16.15] C:\Program Files\Realtek
[02/11/2006|13.35] C:\Program Files\Reference Assemblies
[11/11/2008|23.25] C:\Program Files\Route_Riter
[01/10/2008|21.50] C:\Program Files\Sony
[24/02/2009|00.12] C:\Program Files\SweetIM
[29/10/2008|23.33] C:\Program Files\TopByteLabs
[04/03/2009|15.54] C:\Program Files\Trend Micro
[04/02/2009|22.50] C:\Program Files\Ubi Soft
[10/02/2009|21.58] C:\Program Files\Ubisoft
[02/11/2006|14.00] C:\Program Files\Uninstall Information
[30/09/2008|12.26] C:\Program Files\Windows Calendar
[30/09/2008|12.26] C:\Program Files\Windows Collaboration
[30/09/2008|12.26] C:\Program Files\Windows Defender
[30/09/2008|12.26] C:\Program Files\Windows Journal
[23/02/2009|21.51] C:\Program Files\Windows Live
[29/01/2009|01.46] C:\Program Files\Windows Live SkyDrive
[11/02/2009|22.22] C:\Program Files\Windows Mail
[24/02/2009|22.47] C:\Program Files\Windows Media Player
[30/09/2008|11.56] C:\Program Files\Windows NT
[30/09/2008|12.26] C:\Program Files\Windows Photo Gallery
[30/09/2008|12.26] C:\Program Files\Windows Sidebar
[25/02/2009|22.57] C:\Program Files\Winferno
[30/09/2008|18.49] C:\Program Files\WinRAR
[25/02/2009|22.57] C:\Program Files\Wyyo
[25/02/2009|22.57] C:\Program Files\Yahoo!
[0|File] C:\Program Files\byte
[71|Directory] C:\Program Files\byte disponibili

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/11/2008|00.13] C:\Program Files\Common Files\Adobe
[23/12/2008|23.10] C:\Program Files\Common Files\Adobe AIR
[30/09/2008|18.37] C:\Program Files\Common Files\Ahead
[30/09/2008|19.02] C:\Program Files\Common Files\DESIGNER
[06/11/2008|22.23] C:\Program Files\Common Files\InstallShield
[30/09/2008|18.48] C:\Program Files\Common Files\Java
[22/01/2009|22.45] C:\Program Files\Common Files\Microsoft Games
[23/02/2009|21.49] C:\Program Files\Common Files\microsoft shared
[14/02/2009|01.17] C:\Program Files\Common Files\Nokia
[02/11/2006|12.18] C:\Program Files\Common Files\Services
[02/11/2006|12.18] C:\Program Files\Common Files\SpeechEngines
[30/09/2008|12.26] C:\Program Files\Common Files\System
[29/01/2009|01.26] C:\Program Files\Common Files\Windows Live
[30/09/2008|18.19] C:\Program Files\Common Files\WindowsLiveInstaller
[0|File] C:\Program Files\Common Files\byte
[16|Directory] C:\Program Files\Common Files\byte disponibili

--------------------\\ Process

( 49 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 21:39:59
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:2][D:1]-> C:\Users\Luigi\AppData\Local\Temp
[F:9][D:1]-> C:\Users\Luigi\AppData\Roaming\MICROS~1\Windows\Cookies
[F:88][D:4]-> C:\Users\Luigi\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 05/03/2009|21.37 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 05/03/2009|21.40 - Option : [1]

--------------------\\ Scan completed at 21.40.46
[ UAC => 1 ]



lopr 2 report:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Ultimate ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Luigi ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.357 (Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:86 Go)
D:\ (Local Disk) - NTFS - Total:450 Go (Free:429 Go)
E:\ (Local Disk) - NTFS - Total:98 Go (Free:68 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 05/03/2009|21.41 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[30/09/2008|18.29] C:\Users\Luigi\AppData\Local\Adobe
[26/10/2008|23.38] C:\Users\Luigi\AppData\Local\Ahead
[30/09/2008|18.48] C:\Users\Luigi\AppData\Local\Apple
[21/10/2008|23.55] C:\Users\Luigi\AppData\Local\Apple Computer
[01/10/2008|10.46] C:\Users\Luigi\AppData\Local\Apps
[30/09/2008|16.15] C:\Users\Luigi\AppData\Local\ATI
[30/09/2008|11.58] C:\Users\Luigi\AppData\Local\Cronologia
[18/02/2009|18.19] C:\Users\Luigi\AppData\Local\d3d9caps.dat
[30/09/2008|11.58] C:\Users\Luigi\AppData\Local\Dati applicazioni
[05/03/2009|08.48] C:\Users\Luigi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[14/02/2009|01.20] C:\Users\Luigi\AppData\Local\GDIPFONTCACHEV1.DAT
[28/12/2008|01.13] C:\Users\Luigi\AppData\Local\Google
[05/03/2009|09.58] C:\Users\Luigi\AppData\Local\IconCache.db
[05/02/2009|23.31] C:\Users\Luigi\AppData\Local\IsolatedStorage
[03/02/2009|23.34] C:\Users\Luigi\AppData\Local\Microsoft
[06/10/2008|21.18] C:\Users\Luigi\AppData\Local\Microsoft Games
[30/09/2008|18.59] C:\Users\Luigi\AppData\Local\Microsoft Help
[06/02/2009|00.37] C:\Users\Luigi\AppData\Local\Nokia
[01/10/2008|21.19] C:\Users\Luigi\AppData\Local\PunkBuster
[05/03/2009|21.41] C:\Users\Luigi\AppData\Local\Temp
[30/09/2008|11.58] C:\Users\Luigi\AppData\Local\Temporary Internet Files
[30/09/2008|11.58] C:\Users\Luigi\AppData\Local\VirtualStore
[4|File] C:\Users\Luigi\AppData\Local\byte
[20|Directory] C:\Users\Luigi\AppData\Local\byte disponibili

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[25/02/2009 22.31][--a------] C:\Windows\tasks\PCConfidential.job
[22/01/2009 22.26][--a------] C:\Windows\tasks\{2D74AE28-19EF-4E0F-90C0-42681850EB9A}.job
[05/03/2009 20.47][--ah-----] C:\Windows\tasks\SA.DAT
[05/03/2009 09.58][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[03/12/2008|01.40] C:\ProgramData\18DC
[24/01/2009|21.17] C:\ProgramData\1DC2
[09/12/2008|03.32] C:\ProgramData\2413C
[30/11/2008|01.03] C:\ProgramData\2BD7
[23/12/2008|22.56] C:\ProgramData\Adobe
[30/09/2008|18.51] C:\ProgramData\Apple Computer
[02/11/2006|14.00] C:\ProgramData\Application Data
[18/02/2009|18.29] C:\ProgramData\ATI
[30/09/2008|18.45] C:\ProgramData\CyberLink
[30/09/2008|11.56] C:\ProgramData\Dati applicazioni
[02/11/2006|14.00] C:\ProgramData\Desktop
[30/09/2008|11.56] C:\ProgramData\Documenti
[02/11/2006|14.00] C:\ProgramData\Documents
[02/11/2006|14.00] C:\ProgramData\Favorites
[10/01/2009|02.10] C:\ProgramData\Google
[05/02/2009|23.27] C:\ProgramData\Installations
[05/03/2009|20.48] C:\ProgramData\Kaspersky Lab
[30/09/2008|16.20] C:\ProgramData\Kaspersky Lab Setup Files
[03/03/2009|23.08] C:\ProgramData\Malwarebytes
[30/09/2008|11.56] C:\ProgramData\Menu Avvio
[03/02/2009|23.34] C:\ProgramData\Microsoft
[18/02/2009|18.55] C:\ProgramData\Microsoft Help
[30/09/2008|11.56] C:\ProgramData\Modelli
[30/09/2008|18.36] C:\ProgramData\Nero
[08/01/2009|00.43] C:\ProgramData\Nokia
[05/02/2009|23.26] C:\ProgramData\NokiaMusic
[08/01/2009|00.45] C:\ProgramData\PC Suite
[30/09/2008|11.56] C:\ProgramData\Preferiti
[22/01/2009|22.26] C:\ProgramData\Skype
[02/11/2006|14.00] C:\ProgramData\Start Menu
[23/02/2009|23.42] C:\ProgramData\SweetIM
[02/11/2006|14.00] C:\ProgramData\Templates
[30/09/2008|18.18] C:\ProgramData\WLInstaller
[25/02/2009|22.30] C:\ProgramData\Wyyo
[0|File] C:\ProgramData\byte
[36|Directory] C:\ProgramData\byte disponibili

--------------------\\ Listing Folders in C:\Program Files

[01/10/2008|21.00] C:\Program Files\Activision
[11/11/2008|00.13] C:\Program Files\Adobe
[18/02/2009|18.21] C:\Program Files\ATI
[18/02/2009|18.29] C:\Program Files\ATI Technologies
[24/10/2008|21.40] C:\Program Files\Axon Data
[22/01/2009|00.01] C:\Program Files\BearShare Applications
[30/09/2008|18.14] C:\Program Files\BitLocker
[04/11/2008|22.50] C:\Program Files\CD'n'Go! Suite
[25/02/2009|22.57] C:\Program Files\Common Files
[30/09/2008|18.45] C:\Program Files\CyberLink
[05/02/2009|22.36] C:\Program Files\DIFX
[04/02/2009|22.55] C:\Program Files\directx
[30/09/2008|18.32] C:\Program Files\Disk Cleaner
[03/03/2009|23.40] C:\Program Files\Eusing Free Registry Cleaner
[01/10/2008|10.44] C:\Program Files\EVEREST
[19/01/2009|22.43] C:\Program Files\Fast Folder Access
[30/09/2008|11.56] C:\Program Files\File comuni [C:\Program Files\Common Files]
[22/01/2009|22.26] C:\Program Files\Google
[10/02/2009|21.58] C:\Program Files\InstallShield Installation Information
[06/10/2008|10.37] C:\Program Files\Intel
[30/09/2008|18.48] C:\Program Files\Internet Explorer
[30/09/2008|18.49] C:\Program Files\Java
[13/02/2009|21.24] C:\Program Files\JkDefrag-3.36
[30/09/2008|16.21] C:\Program Files\Kaspersky Lab
[30/09/2008|18.34] C:\Program Files\K-Lite Codec Pack
[03/03/2009|23.08] C:\Program Files\Malwarebytes' Anti-Malware
[25/02/2009|23.03] C:\Program Files\MediaCoder
[29/01/2009|01.46] C:\Program Files\Microsoft
[30/09/2008|19.20] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/01/2009|22.28] C:\Program Files\Microsoft Games
[30/09/2008|19.02] C:\Program Files\Microsoft Office
[02/03/2009|21.31] C:\Program Files\Microsoft Silverlight
[29/01/2009|01.48] C:\Program Files\Microsoft SQL Server Compact Edition
[30/09/2008|19.02] C:\Program Files\Microsoft Visual Studio
[30/09/2008|18.59] C:\Program Files\Microsoft Visual Studio 8
[30/09/2008|19.02] C:\Program Files\Microsoft Works
[30/09/2008|19.01] C:\Program Files\Microsoft.NET
[30/09/2008|12.26] C:\Program Files\Movie Maker
[30/09/2008|19.02] C:\Program Files\MSBuild
[30/09/2008|19.19] C:\Program Files\MSXML 4.0
[30/09/2008|18.36] C:\Program Files\Nero
[25/01/2009|21.58] C:\Program Files\PhotoScape
[03/03/2009|23.27] C:\Program Files\QUAD Utilities
[30/09/2008|18.48] C:\Program Files\QuickTime
[30/09/2008|16.15] C:\Program Files\Realtek
[02/11/2006|13.35] C:\Program Files\Reference Assemblies
[11/11/2008|23.25] C:\Program Files\Route_Riter
[01/10/2008|21.50] C:\Program Files\Sony
[24/02/2009|00.12] C:\Program Files\SweetIM
[29/10/2008|23.33] C:\Program Files\TopByteLabs
[04/03/2009|15.54] C:\Program Files\Trend Micro
[04/02/2009|22.50] C:\Program Files\Ubi Soft
[10/02/2009|21.58] C:\Program Files\Ubisoft
[02/11/2006|14.00] C:\Program Files\Uninstall Information
[30/09/2008|12.26] C:\Program Files\Windows Calendar
[30/09/2008|12.26] C:\Program Files\Windows Collaboration
[30/09/2008|12.26] C:\Program Files\Windows Defender
[30/09/2008|12.26] C:\Program Files\Windows Journal
[23/02/2009|21.51] C:\Program Files\Windows Live
[29/01/2009|01.46] C:\Program Files\Windows Live SkyDrive
[11/02/2009|22.22] C:\Program Files\Windows Mail
[24/02/2009|22.47] C:\Program Files\Windows Media Player
[30/09/2008|11.56] C:\Program Files\Windows NT
[30/09/2008|12.26] C:\Program Files\Windows Photo Gallery
[30/09/2008|12.26] C:\Program Files\Windows Sidebar
[25/02/2009|22.57] C:\Program Files\Winferno
[30/09/2008|18.49] C:\Program Files\WinRAR
[25/02/2009|22.57] C:\Program Files\Wyyo
[25/02/2009|22.57] C:\Program Files\Yahoo!
[0|File] C:\Program Files\byte
[71|Directory] C:\Program Files\byte disponibili

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/11/2008|00.13] C:\Program Files\Common Files\Adobe
[23/12/2008|23.10] C:\Program Files\Common Files\Adobe AIR
[30/09/2008|18.37] C:\Program Files\Common Files\Ahead
[30/09/2008|19.02] C:\Program Files\Common Files\DESIGNER
[06/11/2008|22.23] C:\Program Files\Common Files\InstallShield
[30/09/2008|18.48] C:\Program Files\Common Files\Java
[22/01/2009|22.45] C:\Program Files\Common Files\Microsoft Games
[23/02/2009|21.49] C:\Program Files\Common Files\microsoft shared
[14/02/2009|01.17] C:\Program Files\Common Files\Nokia
[02/11/2006|12.18] C:\Program Files\Common Files\Services
[02/11/2006|12.18] C:\Program Files\Common Files\SpeechEngines
[30/09/2008|12.26] C:\Program Files\Common Files\System
[29/01/2009|01.26] C:\Program Files\Common Files\Windows Live
[30/09/2008|18.19] C:\Program Files\Common Files\WindowsLiveInstaller
[0|File] C:\Program Files\Common Files\byte
[16|Directory] C:\Program Files\Common Files\byte disponibili

--------------------\\ Process

( 51 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 21:41:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:2][D:1]-> C:\Users\Luigi\AppData\Local\Temp
[F:9][D:1]-> C:\Users\Luigi\AppData\Roaming\MICROS~1\Windows\Cookies
[F:88][D:4]-> C:\Users\Luigi\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 05/03/2009|21.37 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 05/03/2009|21.40 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 05/03/2009|21.42 - Option : [2]

--------------------\\ Scan completed at 21.42.41
[ UAC => 1 ]


HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.47.16, on 05/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldit-it.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Wyyo Service - Unknown owner - C:\ProgramData\Wyyo\wyyo123.exe

--
End of file - 5334 bytes

I hope I carried out what you asked correctly. Thanks

phanter23
Posted: Friday, March 06, 2009 1:38:29 PM
Rank: Member

Joined: 1/10/2006
Posts: 20
CAN SOMEONE ANSWER MY PROBLEM?? THANKS
shapiro
Posted: Friday, March 06, 2009 1:42:59 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
phanter 123 give me time to grab a bite to eat, let me check

see you later
phanter23
Posted: Friday, March 06, 2009 3:17:57 PM
Rank: Member

Joined: 1/10/2006
Posts: 20
of course shapiro, sorry, I thought you had abandoned me :-) go ahead and enjoy your lunch.. I'll wait.. thanks and sorry for rushing you!!
shapiro
Posted: Friday, March 06, 2009 3:44:25 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
I'm back... sorry, but there is never enough time

the log is clean (apart from one entry that doesn't convince me)

try running an online scan and tell me how the PC is behaving now

http://www.kaspersky.com/virusscanner

click on "kaspersky online scanner"
click on "accept"
--- the components needed for the scan will be downloaded
when it has finished, click on "my computer" (pane on the left)
start the scan
--- from this point on, you can also disconnect the PC from the internet
when the scan finishes, save and post the report.
phanter23
Posted: Friday, March 06, 2009 3:52:54 PM
Rank: Member

Joined: 1/10/2006
Posts: 20
not at all, I should be the one apologizing.. so, I wanted to let you know that after the various procedures you recommended, so far I haven't had any Internet Explorer crashes, and it seems that with the malware program and the entries we removed we have solved the problem.. the only thing is that right now I'm not at the PC in question; when I get back this evening I'll run the scan you recommended.. although I should say up front that I already have the Kaspersky 2009 antivirus installed, so I don't know whether I should run it anyway or whether it isn't necessary since I already have that version?? you'll tell me.. anyway, thank you so much, dear friend shapiro, you have really been a great help...
shapiro
Posted: Friday, March 06, 2009 3:59:45 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
if you have Kaspersky as your antivirus you can skip it -- if anything, scan the PC with your own antivirus and see whether it detects anything
phanter23
Posted: Friday, March 06, 2009 4:58:26 PM
Rank: Member

Joined: 1/10/2006
Posts: 20
yes, I ran a full scan but it didn't detect any viruses..